Privacy Policy

Last updated: March 22, 2026

This policy explains what data AgentReceipt collects, how it is used, and what rights you have over it.

Who we are

AgentReceipt is based in the United Kingdom. If you have questions about this policy, contact us at support@agentreceipt.co.

What data we collect

Account data

When you sign up, we collect your email address and, if you use GitHub or Google OAuth, your name and profile picture from that provider.

Billing data

If you subscribe to a paid plan, Stripe processes your payment details. We store your Stripe customer ID and subscription status. We do not store full card numbers.

Agent event data

When you integrate the AgentReceipt SDK into your application, we receive and store the events your agent sends. This includes LLM call inputs and outputs, tool call data, decisions, and any metadata you attach. This data may contain personal information depending on what your agent processes.

Raw payloads from LLM calls are stored in Cloudflare R2. Event metadata (timestamps, event types, hashes) is stored in our database hosted on Neon.

Usage data

We collect basic usage information such as pages visited and actions taken in the dashboard. We do not use third-party analytics services.

How we use your data

We use your data to:

  • Provide and operate the AgentReceipt service
  • Send transactional emails (magic links, invite notifications, billing receipts)
  • Enforce plan limits and billing
  • Respond to support requests

We do not sell your data. We do not use your data for advertising.

How long we keep your data

Account data is kept for as long as your account is active. If you delete your account, we delete your account data within 30 days.

Agent event data is retained according to your plan:

  • Free: 7 days
  • Pro: 90 days
  • Business: 365 days
  • Enterprise: Custom, as agreed

Raw LLM payloads stored in Cloudflare R2 can be deleted on request regardless of your plan. See the GDPR section below.

Who we share data with

We share data with these third-party services to operate the product:

  • Neon (database hosting) stores event metadata and account data. Located in AWS US East.
  • Cloudflare R2 (object storage) stores raw LLM payloads. Global CDN.
  • Stripe (payments) processes subscription billing.
  • Resend (email) sends transactional emails.
  • Upstash (rate limiting) stores temporary rate limit counters. No personal data stored.
  • Vercel (hosting) serves the web application. May log request IP addresses.
  • Sigstore Rekor (transparency log) for Pro and Business plans, a hash of completed sessions is submitted to this public log. No personal data is included in the submission, only a cryptographic hash.

We do not share your data with any other third parties.

GDPR rights

If you are based in the European Union or United Kingdom, you have the following rights:

Right to access

You can request a copy of the personal data we hold about you.

Right to correction

You can ask us to correct inaccurate data.

Right to erasure

You can request deletion of your personal data. We will delete your account data and raw LLM payloads from Cloudflare R2. Note that event metadata and hash chain records are stored in an append-only, immutable database as part of the audit trail. These records cannot be deleted, but they do not contain your LLM inputs and outputs.

Right to portability

You can request an export of your data in a machine-readable format.

Right to object

You can object to processing based on legitimate interests.

To exercise any of these rights, email support@agentreceipt.co. We will respond within 30 days.

Data transfers

AgentReceipt is operated from the United Kingdom. Our infrastructure providers (Neon, Cloudflare, Vercel) may store data in the United States. Where data is transferred outside the UK or EU, we rely on standard contractual clauses or equivalent mechanisms.

Security

We use encryption in transit (HTTPS) and at rest for all stored data. API keys are stored as SHA-256 hashes. Access to production systems is restricted to authorised personnel.

If you discover a security vulnerability, please email support@agentreceipt.co.

Changes to this policy

We will update this page when this policy changes and update the date at the top. For significant changes, we will notify you by email.

Contact

support@agentreceipt.co